From this blog post: http://blog.cryptographyengineering.com/2015/10/a-riddle-wrapped-in-curve.html <http://blog.cryptographyengineering.com/2015/10/a-riddle-wrapped-in-curve.html>
To quote Matthew Green:
<BEGIN>
By calculating the number of possible curve families, Koblitz and Menezes show
that a vast proportion of curves (for P-256, around 2^{209} out of 2^{257})
would have to be weak in order for the NSA to succeed in this attack. The
implications of such a large class of vulnerable curves is very bad for the
field of ECC. It dwarfs every previous known weak curve class and would call
into question the decision to use ECC at all.
In other words, Koblitz and Menezes are saying that if you accept the weak
curve hypothesis into your heart, the solution is not to replace the NIST
elliptic curves
<https://www.ietf.org/mail-archive/web/cfrg/current/msg06426.html> with
anything at all, but rather, to leave the building as rapidly as possible and
perhaps not shut the door on the way out. No joke.
On the gripping hand, this sounds very much like the plan NSA is currently
implementing. Perhaps we should be worried.
</END>
So, I’m not a cryptographer, but ya’ll (supposedly) are. Any legitimacy to this?
- Greg
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
